VulnerableCode Package Details - pkg:npm/pdf-image@2.0.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-5m96-vm1v-k3fw Aliases: CVE-2020-8132 GHSA-rv7p-mmwq-x674	Improper Input Validation A lack of input validation in pdf-image npm package version may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input.	There are no reported fixed by versions.
VCID-qsmd-1sz9-bufq Aliases: CVE-2026-26830 GHSA-q5mh-72xg-628w	pdf-image has an OS Command Injection Vulnerability through its pdfFilePath parameter pdf-image (npm package) through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format() to interpolate user-controlled file paths into shell command strings that are executed via child_process.exec().	There are no reported fixed by versions.
VCID-unhb-m3vk-zqdc Aliases: CVE-2018-3757 GHSA-5gwh-g79j-vh4q	Command Injection - Generic Command injection in 'pdf-image'	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-5m96-vm1v-k3fw
Aliases:
CVE-2020-8132
GHSA-rv7p-mmwq-x674

Improper Input Validation A lack of input validation in pdf-image npm package version may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input.

There are no reported fixed by versions.

VCID-qsmd-1sz9-bufq
Aliases:
CVE-2026-26830
GHSA-q5mh-72xg-628w

pdf-image has an OS Command Injection Vulnerability through its pdfFilePath parameter pdf-image (npm package) through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format() to interpolate user-controlled file paths into shell command strings that are executed via child_process.exec().

There are no reported fixed by versions.

VCID-unhb-m3vk-zqdc
Aliases:
CVE-2018-3757
GHSA-5gwh-g79j-vh4q

Command Injection - Generic Command injection in 'pdf-image'

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
VCID-unhb-m3vk-zqdc	Command Injection - Generic Command injection in 'pdf-image'	CVE-2018-3757 GHSA-5gwh-g79j-vh4q

Vulnerability

Summary

Aliases

VCID-unhb-m3vk-zqdc

Command Injection - Generic Command injection in 'pdf-image'

CVE-2018-3757
GHSA-5gwh-g79j-vh4q

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-07T20:52:12.651609+00:00	GHSA Importer	Affected by	VCID-qsmd-1sz9-bufq	https://github.com/advisories/GHSA-q5mh-72xg-628w	38.6.0
2026-06-07T20:45:31.393606+00:00	GHSA Importer	Affected by	VCID-5m96-vm1v-k3fw	https://github.com/advisories/GHSA-rv7p-mmwq-x674	38.6.0
2026-06-06T07:34:25.030659+00:00	GitLab Importer	Affected by	VCID-qsmd-1sz9-bufq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/pdf-image/CVE-2026-26830.yml	38.6.0
2026-06-05T21:13:08.924379+00:00	GHSA Importer	Fixing	VCID-unhb-m3vk-zqdc	https://github.com/advisories/GHSA-5gwh-g79j-vh4q	38.6.0
2026-06-04T17:23:07.648958+00:00	GithubOSV Importer	Fixing	VCID-unhb-m3vk-zqdc	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-5gwh-g79j-vh4q/GHSA-5gwh-g79j-vh4q.json	38.6.0
2026-06-04T16:19:49.797999+00:00	GitLab Importer	Affected by	VCID-5m96-vm1v-k3fw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/pdf-image/CVE-2020-8132.yml	38.6.0
2026-06-02T04:37:45.015150+00:00	GitLab Importer	Affected by	VCID-unhb-m3vk-zqdc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/pdf-image/CVE-2018-3757.yml	38.6.0
2026-06-02T03:45:05.108514+00:00	Npm Importer	Fixing	VCID-unhb-m3vk-zqdc	https://github.com/nodejs/security-wg/blob/main/vuln/npm/438.json	38.6.0